Merge branch 'master' into Escape_Messages

.github/workflows/ci.yml

@@ -0,0 +1,96 @@
+name: CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  testenv:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ['3.5', '3.6', '3.7', '3.8', '3.9']
+        django-version: ['master', '2.0', '2.1', '2.2', '3.0', '3.1', '3.2', '4.0']
+        exclude:
+          - python-version: '3.8'
+            django-version: '2.0'
+          - python-version: '3.9'
+            django-version: '2.0'
+
+          - python-version: '3.8'
+            django-version: '2.1'
+          - python-version: '3.9'
+            django-version: '2.1'
+
+          - python-version: '3.5'
+            django-version: '3.0'
+
+          - python-version: '3.5'
+            django-version: '3.1'
+
+          - python-version: '3.5'
+            django-version: '3.2'
+
+          - python-version: '3.5'
+            django-version: '4.0'
+          - python-version: '3.6'
+            django-version: '4.0'
+          - python-version: '3.7'
+            django-version: '4.0'
+
+          - python-version: '3.5'
+            django-version: 'master'
+          - python-version: '3.6'
+            django-version: 'master'
+          - python-version: '3.7'
+            django-version: 'master'
+          - python-version: '3.8'
+            django-version: 'master'
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions coveralls
+    - name: Tox Test
+      run: tox
+      env:
+        PYTHON_VER: ${{ matrix.python-version }}
+        DJANGO: ${{ matrix.django-version }}
+    - name: Coverage (Coveralls)
+      if: ${{ success() }}
+      run: coveralls --service=github
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  extra:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        extra-env: ['docs', 'checkqa', 'standardjs']
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v2
+      if: ${{ matrix.extra-env == 'standardjs' }}
+      with:
+        node-version: '8'
+    - name: Set up Python 3.7
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.7'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox
+    - name: Tox Test
+      run: tox
+      env:
+        TOXENV: ${{ matrix.extra-env }}

AUTHORS

@@ -15,6 +15,7 @@ Ahmet Emre Aladağ
 Aldiantoro Nugroho
 Alexander Gaevsky
 Andrean Franc
+Andrew Chen Wang
 Andrey Akolpakov
 Andrey Balandin
 Andy Matthews
@@ -27,6 +28,7 @@ Basil Shubin
 Ben Timby
 Benjamin Jorand
 Benjamin Howes
+Bhavani Ravi
 Biel Massot
 Björn Andersson
 Bojan Mihelac
@@ -56,6 +58,7 @@ Fred Palmer
 Fábio Santos
 George Whewell
 Griffith Rees
+Guignard Javier
 Guilhem Saurel
 Guillaume Vincent
 Guoyu Hao
@@ -86,12 +89,14 @@ Jonas Aule
 JoonHwan Kim
 Josh Owen
 Josh Wright
+Joshua Butler
 Joshua Sorenson
 Julen Ruiz Aizpuru
 Justin Michalicek
 Justin Pogrob
 Kevin Dice
 Koichi Harakawa
+Kyle Harrison
 Lee Semel
 Lev Predan Kowarski
 Luis Diego García
@@ -114,6 +119,7 @@ Nathan Strobbe
 Niklas A Emanuelsson
 Oleg Sergeev
 Patrick Paul
+Paul Juergen Fischer
 Paulo Eduardo Neves
 Pavel Savchenko
 Peter Bittner

ChangeLog.rst

@@ -1,3 +1,84 @@
+0.48.0 (unreleased)
+*******************
+
+Note worthy changes
+-------------------
+
+- New translation: Bulgarian.
+
+- Introduced a new setting `ACCOUNT_PREVENT_ENUMERATION` that controls whether
+  or not information is revealed about whether or not a user account exists.
+  **Warning**: this is a work in progress, password reset is covered, yet,
+  signing up is not.
+
+- The `ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN` is now also respected when using
+  HMAC based email confirmations. In earlier versions, users could trigger email
+  verification mails without any limits.
+
+
+Backwards incompatible changes
+------------------------------
+
+- The newly introduced `ACCOUNT_PREVENT_ENUMERATION` defaults to `True` impacting
+  the current behavior of the password reset flow.
+
+
+0.47.0 (2021-12-09)
+*******************
+
+Note worthy changes
+-------------------
+
+- New providers: Gumroad.
+
+
+Backwards incompatible changes
+------------------------------
+
+- Added a new setting `SOCIALACCOUNT_LOGIN_ON_GET` that controls whether or not
+  the endpoints for initiating a social login (for example,
+  "/accounts/google/login/") require a POST request to initiate the
+  handshake. As requiring a POST is more secure, the default of this new setting
+  is `False`.
+
+
+Security notice
+---------------
+
+Automatically signing in users into their account and connecting additional
+third party accounts via a simple redirect ("/accounts/facebook/login/") can
+lead to unexpected results and become a security issue especially when the
+redirect is triggered from a malicious web site. For example, if an attacker
+prepares a malicious website that (ab)uses the Facebook password recovery
+mechanism to first sign into his/her own Facebook account, followed by a
+redirect to connect a new social account, you may end up with the attacker's
+Facebook account added to the account of the victim. To mitigate this,
+`SOCIALACCOUNT_LOGIN_ON_GET` is introduced.
+
+
+0.46.0 (2021-11-15)
+*******************
+
+Note worthy changes
+-------------------
+
+- New providers: Gitea, MediaWiki.
+
+- New translations: Georgian, Mongolian.
+
+- Django 3.2 compatibility.
+
+
+0.45.0 (2021-07-11)
+*******************
+
+
+Note worthy changes
+-------------------
+
+- New providers: Feishu, NetIQ, Frontier, CILogin.
+
+
 0.44.0 (2020-11-25)
 *******************
 
@@ -16,6 +97,11 @@ Backwards incompatible changes
   been renamed to ``certificate_key``. This is done to prevent the key from being displayed
   without being masked in Django debug pages.
 
+0.44.0
+******
+
+- Better compatibility with Django 3.2
+
 
 0.43.0 (2020-10-15)
 *******************

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2010-2020 Raymond Penners and contributors
+Copyright (c) 2010-2021 Raymond Penners and contributors
 
 Permission is hereby granted, free of charge, to any person
 obtaining a copy of this software and associated documentation

README.rst

@@ -2,8 +2,8 @@
 Welcome to django-allauth!
 ==========================
 
-.. image:: https://travis-ci.org/pennersr/django-allauth.svg
-   :target: http://travis-ci.org/pennersr/django-allauth
+.. image:: https://github.com/pennersr/django-allauth/actions/workflows/ci.yml/badge.svg
+   :target: https://github.com/pennersr/django-allauth/actions
 
 .. image:: https://img.shields.io/pypi/v/django-allauth.svg
    :target: https://pypi.python.org/pypi/django-allauth
@@ -83,3 +83,4 @@ If you like this, you may also like:
 
 - django-trackstats: https://github.com/pennersr/django-trackstats
 - netwell: https://github.com/pennersr/netwell
+- Shove: https://github.com/pennersr/shove

allauth/__init__.py

@@ -8,7 +8,7 @@
 
 """
 
-VERSION = (0, 44, 0, "final", 0)
+VERSION = (0, 48, 0, "dev", 0)
 
 __title__ = "django-allauth"
 __version_info__ = VERSION
@@ -17,4 +17,4 @@
 )
 __author__ = "Raymond Penners"
 __license__ = "MIT"
-__copyright__ = "Copyright 2010-2020 Raymond Penners and contributors"
+__copyright__ = "Copyright 2010-2021 Raymond Penners and contributors"

allauth/account/__init__.py

@@ -1 +1,5 @@
-default_app_config = "allauth.account.apps.AccountConfig"
+import django
+
+
+if django.VERSION < (3, 2):  # pragma: no cover
+    default_app_config = "allauth.account.apps.AccountConfig"